Educause Security Discussion
mailing list archives
Re: Cisco Ironport increase is spam getting through?
From: Will Froning <will.froning () GMAIL COM>
Date: Sun, 30 Dec 2012 09:41:58 +0400
Jason Murray wrote:
For those of you that use the Cisco Ironport anti-spam appliances, have
you noticed an increase in spam making it through unmarked in the past 6
months? In the past we would see 1 or 2 messages a week get though, now
I am getting complaints from my users that a dozen or more a day are
Ironport customer for 3 years now.
We have seen an increase in spam, but it more closely matches what Cisco
support says (targeted) rather than obvious porn spam. The majority of
our bulk mail that isn't caught is via googlegroups and in Arabic (we
are based in UAE).
We are running the 7.6.x code base. All the anti-spam rules are
updating automatically as they should be.
I opened a support case with Ironport and they sent back some generic reply:
The nature of spam is always changing, and we are always adjusting our
rules to do our best to catch it while minimizing false positives. Over
the past year or so, there has been less bulk, easy to catch spam and
more targeted, harder to catch spam. This may be why you notice more
spam getting in. As always, we appreciate it if you can submit missed
spam samples so we can improve out engine. See instructions later.
While I would agree with this somewhat, we are now starting to see
blatantly obvious spam getting though (porn).
We have have used Ironport for 6 years now, and we have never had this
much spam get though. Before I continue to press Cisco for an answer,
I am curious if anyone else is seeing similar issues.
I like how relatively simple Ironport is, but I really miss the ability
to tweak rules like I could with PureMessage (pre-Sophos)...
Will.Froning () Gmail com